HomesecurityChrome: Google fixes seventh zero-day bug in 5 months

Chrome: Google fixes seventh zero-day bug in 5 months

Η Google released it Chrome 91.0.4472.114 for Windows, Mac and Linux for correction four vulnerabilities, one of which is a serious one zero-day vulnerability, which has already begun to be used in attacks.

See also: Google Chrome: Automatically fixes broken passwords on Android

Google Chrome

This version was released yesterday, June 17, 2021, on the Stable desktop channel and will be available to all users in the coming days.

The Chrome browser will probably be upgraded automatically, but you can also do a manual update by going to Settings> Help> About Google Chrome.

Chrome browser: New zero-day vulnerability

"Google knows there is an exploit for vulnerabilities CVE-2021-30554", The company states in communication her.

Zero-day vulnerability is caused by one "Use after free" theme in WebGL (Web Graphics Library) JavaScript API, used by the Chrome web browser for rendering interactive 2D and 3D graphics without the use of plug-ins.

Exploiting this vulnerability could lead to Execute code on computers that are running updates for Google Chrome browser.

Chrome zero-day

Although Google says it is aware that the CVE-2021-30554 vulnerability has been used, it has not provided any information about these attacks.

See also: Google Workspace: Comes with client-side encryption and security features

"Access to bug details and links may remain restricted until most users are informed"The company said.

Google has fixed three more "use after free" bugs found on Chrome Sharing, WebAudio and TabGroups components (CVE-2021-30555, CVE-2021-30556, and CVE-2021-30557).

The seventh Chrome zero-vulnerability corrected by Google this year

Yesterday's update released by Google fixes the seventh Chrome zero-day vulnerability for this year. The other six are:

  • CVE-2021-21148 - 4 February 2021
  • CVE-2021-21166 - March 2, 2021
  • CVE-2021-21193 - March 12, 2021
  • CVE-2021-21220 - April 13, 2021
  • CVE-2021-21224 - April 20, 2021
  • CVE-2021-30551 - 9 June 2021

See also: New version of Chrome released - Fixes 14 security vulnerabilities!

In the meantime, the Kaspersky reported that a hacking group known as Puzzlemaker combines zero-day Chrome bugs with other vulnerabilities to get out of the browser sandbox and install malware on systems Windows.

Η Project Zero, Google's zero-day debugger team also unveiled a major campaign in which hackers used 11 zero-days to attack Windows, iOS and Android users.

Source: Bleeping Computer

Digital Fortress
Pursue Your Dreams & Live!